Search CVE reports
1 – 9 of 9 results
Some fixes available 1 of 9
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
1 affected package
xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xmltooling | Needs evaluation | Vulnerable | Vulnerable | Vulnerable |
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was...
1 affected package
xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xmltooling | — | — | — | Fixed |
Some fixes available 2 of 3
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information...
1 affected package
xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xmltooling | — | — | — | Not affected |
Some fixes available 2 of 4
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive...
1 affected package
xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xmltooling | — | — | — | Not affected |
Some fixes available 2 of 9
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
2 affected packages
opensaml2, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| opensaml2 | — | — | — | Not affected |
| xmltooling | — | — | — | Not affected |
Some fixes available 5 of 9
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows...
3 affected packages
opensaml, shibboleth-sp, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| opensaml | — | — | — | — |
| shibboleth-sp | — | — | — | — |
| xmltooling | — | — | — | — |
Some fixes available 3 of 9
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which...
3 affected packages
opensaml, shibboleth-sp, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| opensaml | — | — | — | — |
| shibboleth-sp | — | — | — | — |
| xmltooling | — | — | — | — |
Some fixes available 5 of 9
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a...
3 affected packages
opensaml, shibboleth-sp, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| opensaml | — | — | — | — |
| shibboleth-sp | — | — | — | — |
| xmltooling | — | — | — | — |
Some fixes available 1 of 11
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative...
4 affected packages
opensaml2, shibboleth-sp, shibboleth-sp2, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| opensaml2 | — | — | — | — |
| shibboleth-sp | — | — | — | — |
| shibboleth-sp2 | — | — | — | — |
| xmltooling | — | — | — | — |